Activity
Viable protections against Layer7 attacks on servers
Run this command:
ifconfig vtnet0 -txcsum -rxcsum -rxcsum6 -txcsum6
See if anything changes (with pf on).
Viable protections against Layer7 attacks on servers
Actually, it is not in fact a small attack. And idk if I'm running on a virtual machine; for now it's a test VPS bought from a hosting company which offers ISO installation directly, so I just installed a 12.1 FreeBSD with that feature for it. Here's the output from ifconfig:

vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:ce:b4:37:72:cd
    inet 160.20.145.45 netmask 0xffffff00 broadcast 160.20.145.255
    inet6 fe80::2ce:b4ff:fe37:72cd%vtnet0 prefixlen 64 scopeid 0x1
    media: Ethernet 10Gbase-T <full-duplex>
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

I disabled pf, I can log in and play normally, however, once I start the attack, the whole server will start lagging and, after a little bit, will eventually kick my character and the whole login will break down, not even getting past "Connecting to server..."
Viable protections against Layer7 attacks on servers
Such an attack is normally too weak to bring any server down. The problem most likely lies elsewhere. Please provide the output of ifconfig and specifically, there's something to consider since you are running off a virtual machine: [Hidden Content]
You should also disable pf and see what happens then. Does the attack still bring the channel down? If not, then your problem is with VirtIO. If yes, I suggest you follow this tutorial by Papix which is actually a pretty good idea:
Otherwise you can contact me on Discord if you want me to have a look at it myself for a small fee.
Viable protections against Layer7 attacks on servers
Running a layer7 attack via a public stresser, using a method called "HTTP-SOCKET", which is spamming GET requests to [Hidden Content] with 30 requests per ip, using around 2k ips with random geolocation. Here's my pf conf:

# This is a minimalistic configuration with basic rate limiting
# Change the value to reflect your public interface. You can see this with ifconfig.
ext_if="vtnet0"
# Ports used for services (ssh, http, https)
service_ports="{ 22, 3306 }"
# Ports
game_ports="{20076, 20083, 20081, 20079, 20077 }"
auth_ports="{20085}"
icmp_types = "{ echoreq, unreach }"
# table for abusive_hosts = Block IP´s.
table <abusive_hosts> persist file "/usr/home/game/Firewall/abusive_hosts"
# IP addresses that should override the firewall rules, such as your web server.
table <whitelist> const { 127.0.0.1 }
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
    10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
    0.0.0.0/8, 240.0.0.0/4 255.255.255.255/32 \
    ::/128 ::1/128 ::ffff:0:0/96 ::/96 100::/64 \
    2001:10::/28 2001:db8::/32 fc00::/7 fe80::/10 \
    fec0::/10 ff00::/8 }"
set block-policy drop
set limit { states 100000, frags 20000, src-nodes 100000, table-entries 200000 }
set loginterface $ext_if
set skip on lo
scrub on $ext_if reassemble tcp no-df random-id
antispoof quick for { lo0 $ext_if }
block in
block in quick from <abusive_hosts>
# Drop all Non-Routable Addresses
block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians
pass out all keep state
pass out on $ext_if all modulate state
# Allow ping
pass inet proto icmp all icmp-type $icmp_types keep state
# Rate limits
pass in on $ext_if proto tcp to any port $service_ports flags S/SA synproxy state \
    (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush global)
pass in on $ext_if proto tcp to any port $game_ports flags S/SA synproxy state \
    (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush global)
pass in on $ext_if proto tcp to any port $auth_ports flags S/SA synproxy state \
    (max-src-conn 30, max-src-conn-rate 15/3, overload <abusive_hosts> flush global)
pass in quick from <whitelist>
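An added example, not part of the original post or of any poster's tooling: a Python check that reads `tcpdump -n -vvv` text output and lists the sources whose new-connection rate to the auth port would exceed the `max-src-conn-rate 15/3` limit in the pf.conf above. The capture is constructed with documentation-range addresses, and counting SYNs in a sliding window is an assumption that only approximates pf, which counts connections that complete the handshake.

```python
import re
from collections import defaultdict, deque

TS = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+)\s")
# "src.sport > dst.dport: Flags [S]" is a bare SYN, i.e. a new connection attempt.
SYN = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.(\d+): Flags \[S\]")

def syn_events(lines, port):
    """Yield (seconds, src_ip) for each SYN to `port`.
    With -v/-vvv the timestamp is on one line and the addresses on the
    next, so the last timestamp seen is carried forward."""
    now = None
    for line in lines:
        t = TS.match(line)
        if t:
            h, m, s, frac = t.groups()
            now = int(h) * 3600 + int(m) * 60 + int(s) + float("0." + frac)
        hit = SYN.search(line)
        if hit and now is not None and int(hit.group(2)) == port:
            yield now, hit.group(1)

def rate_offenders(lines, port, limit=15, window=3.0):
    """Return (sources with more than `limit` SYNs inside `window` s, per-source totals)."""
    recent, totals, offenders = defaultdict(deque), defaultdict(int), set()
    for ts, src in syn_events(lines, port):
        totals[src] += 1
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:   # drop SYNs that fell out of the window
            q.popleft()
        if len(q) > limit:
            offenders.add(src)
    return offenders, dict(totals)

def constructed_capture(dst="203.0.113.10.20085"):
    """Constructed sample in -vvv layout: one bursty source, 50 slow ones."""
    hdr = " IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)"
    tail = ": Flags [S], cksum 0x0000 (correct), seq 1, win 64240, length 0"
    out = []
    for i in range(20):              # 20 SYNs inside one second
        out += [f"12:00:{i * 0.05:09.6f}" + hdr, f"    198.51.100.7.{40000 + i} > {dst}" + tail]
    for n in range(1, 51):           # 50 sources, one SYN per second for 5 s
        for s in range(5):
            out += [f"12:00:{s:02d}.000000" + hdr, f"    192.0.2.{n}.{50000 + s} > {dst}" + tail]
    return out

if __name__ == "__main__":
    offenders, totals = rate_offenders(constructed_capture(), 20085)
    print(f"{sum(totals.values())} SYNs from {len(totals)} sources; over limit: {sorted(offenders)}")
```

In the constructed capture the 50 slow sources account for most of the SYNs yet none crosses the per-source limit, which is the case to look for in a real dump before tuning the thresholds.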
Viable protections against Layer7 attacks on servers
What sort of attack are you running and what is your pf.conf?
Viable protections against Layer7 attacks on servers
Sorry, here's the tcpdump using your arguments & the port of the attacked channel. (tcpdump -i vtnet0 -n -vvv port 20085 in my case) [Hidden Content]
And here is the tcpdump for every port besides the one of my ssh (in my case is 22 since it's a test server) [Hidden Content]
Viable protections against Layer7 attacks on servers
Please use the -n option and exclude the ssh port. Otherwise the dump isn't useful.
tcpdump -i vtnet0 -n -vvv port not <your ssh port number>
Question
John Smith 0
Hello Guys,
I use the 34083 game file and have problems with the buff effect.
I have a quest and a 34k client (shiro2) but I don't see the buff effect when I use a ring.
Can you help me pls?
Regards
Popular Posts
Nightwish
Did you apply type 18 to the items?
8 answers to this question